Thursday, January 22, 2009

XCP.Sony.Rootkit Trojan

Removing XCP.Sony.Rootkit
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\Autorun.exe
[%SYSTEM%]\$sys$caj.dll
[%SYSTEM%]\$sys$upgtool.exe
[%SYSTEM%]\drivers\$sys$cor.sys
[%SYSTEM%]\tmpx\apix.vxd
[%SYSTEM%]\tmpx\aspienum.vxd
[%SYSTEM%]\tmpx\wnaspi.dll
[%SYSTEM%]\tmpx\wnaspi32.dll
[%WINDOWS%]\cdproxyserv.exe

How to detect XCP.Sony.Rootkit:

Files:
[%PROFILE_TEMP%]\Autorun.exe
[%SYSTEM%]\$sys$caj.dll
[%SYSTEM%]\$sys$upgtool.exe
[%SYSTEM%]\drivers\$sys$cor.sys
[%SYSTEM%]\tmpx\apix.vxd
[%SYSTEM%]\tmpx\aspienum.vxd
[%SYSTEM%]\tmpx\wnaspi.dll
[%SYSTEM%]\tmpx\wnaspi32.dll
[%WINDOWS%]\cdproxyserv.exe

Folders:
[%SYSTEM%]\$sys$filesystem

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{78037074-0beb-496e-9e4c-92d92d562168}
HKEY_CLASSES_ROOT\clsid\{c62a2089-4eb1-4ebb-8635-0d1fcdd6bf25}
HKEY_CLASSES_ROOT\interface\{6d92b32f-ef61-4366-bd2a-2fff9220e331}
HKEY_CLASSES_ROOT\interface\{d3c63786-0568-477d-b39d-f04cddc3c574}
HKEY_CLASSES_ROOT\typelib\{98cdb417-4f5c-4d8c-93dc-df5ab156e997}
HKEY_CLASSES_ROOT\xcpplayercontrol.xcpplayercontrolctrl.1
HKEY_CURRENT_USER\software\cdextrainstall
HKEY_LOCAL_MACHINE\software\$sys$reference
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$aries
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$drmserver
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$lim
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_$sys$oct
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_cd_proxy
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$aries
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$cor
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\$sys$crater
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\$sys$DRMServer
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\cd_proxy

Registry Values:
HKEY_LOCAL_MACHINE\software\ecddiscproducers

Removing XCP.Sony.Rootkit:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
